Configure SSO with Okta
Pipedream supports Single Sign-On (SSO) with Okta. This guide shows you how to configure SSO in Pipedream to authenticate with your Okta org.
- SSO is only supported for workspaces on the Business and Enterprise plans. Visit the Pipedream pricing page to upgrade.
- You must be an administrator of your Pipedream workspace
- You must have an Okta account
In your Okta Admin dashboard, select the Applications section and click Applications below that:
Click Browse App Catalog:
Search for "Pipedream" and select the Pipedream app:
Fill out the General Settings that Okta presents, and click Done:
Select the Sign On tab, and click Edit at the top right:
Scroll down to the SAML 2.0 settings. In the Default Relay State section, enter
Set any other configuration options you need in that section or in the Credentials Details section, and click Save.
In the Sign On section, you'll see a section that includes the setup instructions for SAML:
Click the Identity Provider metadata link and copy the URL from your browser's address bar:
Visit your Pipedream workspace authentication settings. Click the toggle to Enable SSO, then click Edit SSO Configuration, and add the metadata URL in the SAML section and click Save:
Back in Okta, click on the Assignments tab of the Pipedream application. Click on the Assign dropdown and select Assign to People:
Assign the application to the relevant users in Okta, and Pipedream will configure the associated accounts on our end.
Users configured in your Okta app can log into Pipedream at https://pipedream.com/auth/sso by entering your workspaces's name (found in your Settings). You can also access your SSO sign in URL directly by visiting https://pipedream.com/auth/sso/your-workspace-name, where
your-workspace-name is the name of your workspace.
Before you configure the application in Okta, make sure all your users have matching email addresses for their Pipedream user profile and their Okta profile. Once SSO is enabled, they will not be able to change their Pipedream email address.
If a user's Pipedream email does not match the email in their IDP profile, they will not be able to log in.
If existing users signed up for Pipedream using an email and password, they will no longer be able to do so. They will only be able to sign in using SSO.